Statements (21)
Predicate | Object |
---|---|
gptkbp:instance_of |
gptkb:Common_Weakness_Enumeration
|
gptkbp:bfsLayer |
5
|
gptkbp:bfsParent |
gptkb:CWE-20
|
gptkbp:category |
Improper Input Validation
|
gptkbp:consequences |
User redirection to a malicious site.
|
gptkbp:difficulty |
gptkb:tank
|
gptkbp:enemy |
gptkb:software_framework
|
gptkbp:example |
Redirecting to a URL based on user input without validation.
|
gptkbp:has_weakness |
gptkb:CWE-601
|
https://www.w3.org/2000/01/rdf-schema#label |
CWE-601
|
gptkbp:impact |
Phishing attacks
Malware distribution |
gptkbp:is_described_as |
A weakness that allows an attacker to redirect users to a malicious site.
|
gptkbp:is_protected_by |
Use a whitelist of allowed UR Ls
Validate redirect UR Ls |
gptkbp:is_referenced_in |
gptkb:SANS_Top_25
gptkb:API NISTSP 800-53 |
gptkbp:name |
URL Redirection to Untrusted Site (' Open Redirect')
|
gptkbp:related_to |
gptkb:CWE-601
gptkb:CWE-20 |